Enforcing RFID data visibility restrictions using XACML security policies

Pardal, Miguel L.; Harrison, Mark; Marques, Jorge S.

doi:10.1109/rfid-ta.2012.6404558

Cited by 2 publications

(7 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The Supply Chain Authorization (SC-Az) Application Programming Interface (API) has been proposed recently [27] to allow companies participating in a supply chain to express their authorizations using business concepts such as item, company, etc. ; and then to enforce the resulting policies using alternative underlying mechanisms.…”

Section: A Extensible Access Control Markup Languagementioning

confidence: 99%

“…The policy master copy is maintained at the EPC DS, but a local copy is maintained in each IS to also protect its records locally. 5 The conversion of EAC and CCT to XACML is described in [27].…”

Section: Deploymentmentioning

confidence: 99%

“…The SC-Az assessment tool [27] was used to perform test runs to measure both from the 'raw' EAC, CCT and CTA mechanisms and from their XACML-equivalent forms.…”

Section: Performance Assessmentmentioning

confidence: 99%

See 2 more Smart Citations

Performance assessment of XACML authorizations for Supply Chain Traceability Web Services

Pardal

Harrison

Marques

2012

2012 Fourth International Conference on Computational Aspects of Social Networks (CASoN)

Self Cite

View full text Add to dashboard Cite

Abstract-Service-Oriented Architecture (SOA) and Web Services (WS) offer advanced flexibility and interoperability capabilities. However they imply significant performance overheads that need to be carefully considered.Supply Chain Management (SCM) and Traceability systems are an interesting domain for the use of WS technologies that are usually deemed to be too complex and unnecessary in practical applications, especially regarding security.This paper presents an externalized security architecture that uses the eXtensible Access Control Markup Language (XACML) authorization standard to enforce visibility restrictions on traceability data in a supply chain where multiple companies collaborate; the performance overheads are assessed by comparing 'raw' authorization implementations -Access Control Lists, Tokens, and RDF Assertions -with their XACML-equivalents.

show abstract

Section: A Extensible Access Control Markup Languagementioning

confidence: 99%

Section: Deploymentmentioning

confidence: 99%

See 1 more Smart Citation

Performance assessment of XACML authorizations for Supply Chain Traceability Web Services

Pardal

Harrison

Marques

2012

2012 Fourth International Conference on Computational Aspects of Social Networks (CASoN)

Self Cite

View full text Add to dashboard Cite

show abstract

“…[2][3]. Therefore DS must authenticate the user's identity first before this user is allowed to access DS [4].…”

Section: Introductionmentioning

confidence: 99%

“…The user identity authentication for DS is a crucial problem. By analyzing the application scenarios and relevant literatures [2][3][4][5], we summarize the following important requirements of the user identity authentication scheme for DS:…”

Section: Introductionmentioning

confidence: 99%

CUIAS - A User Identity Authentication Service for Discovery Service

Liu

Kong

Tian

et al. 2014

2014 IEEE International Conference on Internet of Things(iThings), and IEEE Green Computing and Communications (GreenCom) and I

View full text Add to dashboard Cite

Discovery service (DS) is designed to serve the following lookup function: Given the RFID identifier of an object, it returns a list of Internet addresses of servers about this object across the supply chain, which offer detailed information about it. The information stored in DS is commercially sensitive, which can reveal flow patterns, trading relationships or inventory levels, etc. Therefore DS must authenticate the user's identity first before this user is allowed to access DS. However, no user identity authentication schemes satisfying the actual requirements have been proposed until now. So this paper focuses on this problem and presents Centralized User Identity Authentication Service (CUIAS) based on SAML and PKI for DS, which is deployed as a DHT network, offering excellent performance scalability. Through CUIAS, once a user is authenticated, then it can access DS many times in a certain period, which not only simplifies the user's access process but also reduces the user's resource cost. To ensure the data availability and data confidentiality of CUIAS, the original data is split into multiple smaller blocks using Information Dispersal Algorithm (IDA) and then they are scattered within CUIAS. By analysis and evaluation, CUIAS can satisfy the actual requirements and offer reliable and secure service.

show abstract

Enforcing RFID data visibility restrictions using XACML security policies

Cited by 2 publications

References 16 publications

Performance assessment of XACML authorizations for Supply Chain Traceability Web Services

Performance assessment of XACML authorizations for Supply Chain Traceability Web Services

CUIAS - A User Identity Authentication Service for Discovery Service

Contact Info

Product

Resources

About